FIDO to NIST: Add Multi-Factor Security Requirement to Cybersecurity Framework

The National Institute of Standards and Technology (NIST) is getting ready to update its Framework for Improving Critical Infrastructure Cybersecurity, and the FIDO Alliance is urging the agency to heed its call for multi-factor authentication.

The guideline was first published in 2014, at a time when Apple’s Touch ID system was only just starting its pioneering work in mainstreaming biometric authentication on mobile devices, and traditional password-based security remained the foremost digital security mechanism on consumers’ minds. Writing in a new post on the FIDO Alliance website, the consortium’s executive director, Brett McDowell, said that NIST itself has acknowledged that multi-factor authentication was left out of its original Cybersecurity Framework “due to challenges associated with authentication in 2013-2014, including lack of standards to promote security and interoperability”.

Things have changed, of course. FIDO’s authentication protocols have emerged as widely accepted authentication standards, having seen support from huge brands like Google and Facebook. Meanwhile, a plethora of new technology solutions have emerged for consumers, many of whom are by now used to multi-factor authentication on their mobile devices. That being the case, FIDO has submitted comments on NIST’s draft updates urging the addition of an authentication subcategory recommending that “authentication of authorized users is protected by multiple factors.”

With digital security of greater importance than ever, and plenty of technology at hand to make multi-factor authentication not only possible but convenient, there is good reason for NIST to heed FIDO’s recommendation.

(Originally posted on Mobile ID World)